Link Search Menu Expand Document

Check Point CloudGuard Connect

Configuration > Cloud Services > Check Point CloudGuard Connect

Check Point CloudGuard Connect provides network and cloud security with policies defined within Orchestrator overlays. The Check Point CloudGuard Connect tab has the following fields.

Field Description
Subscription Name of the appliance you want to connect with Check Point.
Interface Labels Name of the interfaces you want to connect with Check Point.
Tunnel Settings Defines the tunnels associated with Orchestrator and Check Point.
LAN Subnets Subnets configured on the LAN side associated with Check Point.

Before you begin to configure Check Point CloudGuard Connect, you need to create a Check Point account. Visit the following link to make an account:

After you create an account, you will need to create an API Key.


  1. After you complete the steps in the above URL to create your Check Point account, navigate to the Check Point CloudGuard Connect tab in Orchestrator.

  2. Select the Subscription tab to get started with Check Point.

  3. Enter your Client ID and the Secret Key you received when you created your Check Point account.

  4. Select Save after you finish entering the information in the table below. The Connection Status should appear at the top of the Subscription window.

Interface Labels

  1. Select the Interface Labels tab. The Build Tunnels Using These Interfaces opens.

  2. Drag the interface labels you want to use into the Preferred Interface Label Order column.

  3. Select Save.

Tunnel Settings

The Tunnel Settings tab helps you define the tunnels associated with Check Point and EdgeConnect. Use the Check Point default values for the General, IKE, and IPSec tunnel settings.

NOTE: You can also configure specific General, IKE, and IPSec tunnel settings. The settings are automatically generated; however, you can make modifications if you choose to do so. To go back to the default settings, select Use Default on any of the tunnel windows.

LAN Subnets

You can select the LAN subnets for a given appliance to associate with your Check Point integration. By default, LAN subnets are configured on the Deployment tab. You can also add, import a CSV file, or export a CSV file of the configured subnets.

Enabling Check Point CloudGuard Connect

When you have completed configuration, you need to enable the Check Point service.

  1. Navigate to the Business Intent Overlay tab in Orchestrator.

  2. Go to the Breakout Traffic to Internet & Cloud Services.

  3. Select the overlay that breaks out traffic to Check Point.

  4. Drag Check Point CloudGuard Connect from the Available Policies column to the Preferred Policy Order column.


Navigate to the Check Point CloudGuard Connect tab in Orchestrator to verify successful deployment under Site Status. You can also verify successful deployment on the Tunnels tab.

Import and Export Subnets

Import enables you to import a Comma Separated Values (CSV) file into a pair of appliances used in Orchestrator. Before you import, you must remove the header row and save the files on your computer. Complete the following steps to begin your import.

  1. Select Choose File.

  2. Locate the file you want to import on your desktop.

  3. Select Open.

  4. Select Import. Orchestrator generates the CSV file. The following table represents the fields in the exported CSV file.

    Appliance Configured Subnets
    <Appliance Hostname> <Configured subnets IP addresses>

    NOTE: The titles and double quotes should be removed from your file before importing.

    CAUTION: This import overwrites previously configured imports.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.

Open Source Code:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America